5f47ae16a1c3e72e95728815213a3bb5b16145abbc7185b479dd39f1f7fc0239

Analysis

max time kernel
135s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 16:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a930e926429d1fee94ffcc384e4cf67.exe
Size

1.0MB
MD5

3a930e926429d1fee94ffcc384e4cf67
SHA1

a2361501619953e7af4be0a6745422b6115eb015
SHA256

5f47ae16a1c3e72e95728815213a3bb5b16145abbc7185b479dd39f1f7fc0239
SHA512

03a08ab5660c06a4beebbb7571ad1571e6a0fae7d89edb667e8fb301bbb77badfaf28353aaa96f4df2e02ca278269d9c7cfd4f04496a5fb6f8727a9d145103cc
SSDEEP

24576:70VY6+YCSJQStoVouBGg+n16m0fiGF80TpUrh9DZfZzC:70VSYCSBG3GgwAXf801+NfN

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_SP.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\BESTELL.HTM	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\ORDER.HTM	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_BR.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_LV.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_RO.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_RO.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_SE.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\LICENSE.TXT	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\FILE_ID.DIZ	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFUSB.DLL	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL.EXE	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\UNINST.EXE	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_EA.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_NL.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_TC.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_US.CHM	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_FR.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_KR.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_US.CHM	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFUSB.DLL	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_HR.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_HU.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWLRES.DLL	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_HU.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_LT.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFEP.EXE	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_GA.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_SK.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_SK.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_SP.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_BG.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_BG.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_UA.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_CA.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_JA.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_TW.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_UA.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\UNINST.EXE	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_CZ.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_DK.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_IT.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_PL.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_TC.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_CN.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_CN.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_HE.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_HE.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_LT.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_LV.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL.EXE	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_BR.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_HR.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_MK.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_NL.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_SE.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_TW.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\FILE_ID.DIZ	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_CZ.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File opened for modification	C:\Program Files (x86)\EF Commander Lite\EFCWL_DK.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_ES.LNG	3a930e926429d1fee94ffcc384e4cf67.exe
File created	C:\Program Files (x86)\EF Commander Lite\EFCWL_FR.LNG	3a930e926429d1fee94ffcc384e4cf67.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\3a930e926429d1fee94ffcc384e4cf67.exe
"C:\Users\Admin\AppData\Local\Temp\3a930e926429d1fee94ffcc384e4cf67.exe"
1⤵
- Drops file in Program Files directory
PID:1168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\EF Commander Lite\EFCWL.EXE

Filesize
228KB

MD5
189248e76878be8fcfc4133e80362ee8

SHA1
e13e09269fbd1dbc61ee244e945e60a3489c5506

SHA256
1b54ba6371b42afee1cf1a81602bf6f26733623ed9269542e471488475d7741d

SHA512
4b534b927d63c2469c6a1f0aecd8512afac19d43d7d448eff224544513da86e4ca12ab513e78cd86475e1c1343d1d66bb99f3fdd59096b9261e2208525a6166c

Download Submit
C:\Program Files (x86)\EF Commander Lite\UNINST.EXE

Filesize
58KB

MD5
39227e25886383396fb11828ef07a664

SHA1
43e061fddd870ebd9661942a6ccb18225aad21cf

SHA256
f00080610cd78234618f3b5177363bbe0d9c4cb24bde226be5e384b0ab359174

SHA512
2bbef96ab7701354674310d615c4e867d7c0b930c9cc1321ae3447310f3239e43395bb975ed4905ccf245112dfac07005bda0dfae75d7c77a51c21a0d1bf9c68

Download Submit